Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EIP value in callback UC_HOOK_MEM_UNMAPPED depends on UC_HOOK_CODE registration (x86) #2040

Open
boborjan2 opened this issue Oct 22, 2024 · 1 comment
Open

EIP value in callback UC_HOOK_MEM_UNMAPPED depends on UC_HOOK_CODE registration (x86) #2040

boborjan2 opened this issue Oct 22, 2024 · 1 comment

Comments

@boborjan2
Copy link

I get different eip values in the unmapped mem callback for the very same binary if I register a code hook instead of a block hook. Seemingly eip gets updated in some part of the code that depends on the existance of a code hook. (if there is a code hook, eip precisely points to the instruction making the failed access) What I see is that env->eip is different is store_helper() where the unmapped hook is called from. I haven't made any deep analysis hoping the phenomenon might ring some bells regarding code hook implementation.

Thanks for the help,
Viktor
@wtdcode
Copy link
Member

wtdcode commented Oct 22, 2024

#1643

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wtdcode @boborjan2